I was not able to determine if there was any body text from my sample collector, however each sample had an identical attachment message_01983527496.wav.zip which contains a malicious executable message_01983527496.exe. This has a VirusTotal detection rate of 5/55 and automated analysis tools [1][2] show it POSTing to:

wedspa.su/go/gate.php

This is hosted on a RU-Center IP address of 185.26.113.229 in Russia. Furthmore, a malicious executable is downloaded from the following locations:

globalconspiracy.hj.cx/1.exemastiksoul.org/1.exe

In turn, this has a detection rate of 2/55 and automated analysis of this[1][2] show that it phones home to 212.47.196.149 (Web Hosting Solutions, Estonia).

The payload is unclear at this point, but you can guarantee that it will be nothing good.